Workers can easily use e-mail and electronic messages to send trade secrets and other confidential information to third parties. Whilst these can be sent by accident, the main risk to organisations is from disgruntled employees or those who are about to leave the organisation.
For example, the organisation's customer database is often a target for theft months before someone is about to leave employment.
So what can an organisation do to mitigate any risks from theft or breach of business-confidential information through the organisation's online systems and networks? This article explores the options.
Ideally, all employees and contract workers will have confidentiality clauses written into their contracts, although where there is no express contractual obligation of confidentiality, a duty may well arise between employer and employee under certain circumstances.
The challenge, of course is to stop breaches of confidentiality before they can happen by deploying good security. In some cases employers have discovered their employees operating their own business at work using their employer's email system and database. Employees should be made aware that claims for breach of confidence can be made against them if they send, copy or forward sensitive commercial information to unauthorised third parties.
Examples of confidentiality or non-disclosure clauses
The following are examples of the types of clauses that may be appropriate in full or in part.
Non-disclosure Clause: Example 1
“You are required to maintain an appropriate standard of confidentiality. Any disclosures of confidential information (including personal information kept on computer or other media) made unlawfully outside the proper course of duty will be treated as a serious disciplinary offence.”
Non-disclosure Clause: Example 2
“Any employee disclosing confidential/patient records or information to any unauthorised person or persons will render the employee subject to disciplinary action, which may result in dismissal.”
Non-disclosure Clause: Example 3
"You are required to preserve the confidentiality of any information regarding patients, staff (in connection with their employment), and the practice business and this obligation shall continue indefinitely. A breach of this requirement will be regarded as gross misconduct and as such will be grounds for dismissal, subject to the provision of the disciplinary procedure.
Non-disclosure: Example 4
"You will not at any time during your employment (except as so far as is necessary in the course of your employment) or afterwards, disclose to any person any information as to the business, dealings, practice, accounts, finances, trading, software, know-how, affairs of the practice of any of the company's customer or prospective customers, distributors, firms or companies otherwise connected with the company. All information held about the company or in connection with the company and any of the above is to be regarded as confidential. All notes, memoranda, records and other documents of the employer and in your possession are and shall remain the property of the employer and shall be handed over by you to the employer from time to time on demand and, in any event, upon termination of your employment. Given the highly confidential nature of the work you will undertake, you should understand the telephone conversation in particular should be conducted in a confidential manner. You should understand that any breach of this clause would constitute a very serious disciplinary offence for which you may be dismissed. Should you breach this clause after your employment has ended, the organisation may take legal action against you."
Trade secrets policy
Introduce a trade secrets policy and make compliance with the policy a condition of employment. Each employee should acknowledge in writing that they have received and reviewed the trade secrets policy.
Conduct an exit interview with departing employees to discuss trade secrets and confidential information, and the ongoing contractual obligations of the departing employee. Treat the exit interview as a good opportunity to learn where the employee will be working next. This could alert you to the risk of confidential information being disclosed if the departing employee will be working for a competitor or starting their own company that will compete with yours.
Write a confidentiality clause into all contracts with vendors where they will have access to confidential information or trade secrets.
Restrict access to confidential information for those who don't need access in order to carry out their employment duties. Lock down computer systems using password protection or lock paper files in secure storage. Make sure that password are not written down and changed regularly.
Invest in good quality data loss software that monitors business confidential information and alerts to possible incidents of improper disclosure.